Breach Reveals State Lawmakers’ Social Security Numbers

The state Comptroller’s Office inadvertently released the Social Security numbers of more than 300 state lawmakers and their staff members while fulfilling a separate records request from Gannett.

The security breach covered both current and former lawmakers, who were being notified late Friday by state officials that their information had been released.

The numbers, which had been hidden in a spreadsheet, appeared briefly on several Gannett New York websites Friday and the document was immediately removed after the breach was spotted.

“All impacted individuals are being contacted and immediate steps have been taken to ensure the error does not occur in the future,” said Jennifer Freeman, a spokeswoman for Comptroller Thomas DiNapoli.

The information had been accidentally provided by the Comptroller’s Office after a reporter requested information this week about per diem payments collected by lawmakers. The Social Security numbers had been hidden from public view, but were accessible on hidden pages within the spreadsheet.

The numbers had been spotted by the Comptroller’s Office early Friday afternoon. All 212 current lawmakers were included in the spreadsheet, as well as several high-ranking staffers and a handful of former legislators.

Freeman said the news organization was contacted shortly after the state office was made aware of it.

“In response to a request from a Gannett reporter, data was provided that erroneously contained protected personal information,” she said. “When the error was identified, the Office of the State Comptroller immediately contacted Gannett. Gannett was highly professional and cooperated fully with our office to protect this information.”

Calvin Stovall, executive editor of Gannett Co.’s Press & Sun-Bulletin and www.pressconnects.com, said the information was quickly pulled from the website after the organization was notified of the breach.

“We immediately took the information off our website,” Stovall said. “We clearly understand the importance of protecting such information as individuals’ Social Security numbers. Unfortunately, there was no way we knew the numbers were hidden in the database.”

The inadvertently released personal information appeared on several Gannett websites for less than one day.